mobbdev 1.0.27 → 1.0.29
- package/dist/index.mjs +33 -24
- package/package.json +1 -1
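--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -227,12 +227,12 @@ var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Ve
 Vulnerability_Report_Vendor_Enum3["Sonarqube"] = "sonarqube";
 return Vulnerability_Report_Vendor_Enum3;
 })(Vulnerability_Report_Vendor_Enum || {});
-var Vulnerability_Severity_Enum = /* @__PURE__ */ ((
-
-
-
-
-return
+var Vulnerability_Severity_Enum = /* @__PURE__ */ ((Vulnerability_Severity_Enum2) => {
+Vulnerability_Severity_Enum2["Critical"] = "critical";
+Vulnerability_Severity_Enum2["High"] = "high";
+Vulnerability_Severity_Enum2["Low"] = "low";
+Vulnerability_Severity_Enum2["Medium"] = "medium";
+return Vulnerability_Severity_Enum2;
 })(Vulnerability_Severity_Enum || {});
 var MeDocument = `
 query Me {
@@ -340,9 +340,7 @@ var GetFixesDocument = `
 fixes: fix(where: $filters) {
 safeIssueType
 id
-
-parsedSeverity
-}
+severityText
 safeIssueLanguage
 patchAndQuestions {
 __typename
@@ -936,12 +934,12 @@ var ReportQueryResultZ = z3.object({
 ),
 sharedState: FixSharedStateZ,
 numberOfVulnerabilityIssues: z3.number(),
+severityText: z3.nativeEnum(Vulnerability_Severity_Enum),
 vulnerabilityReportIssues: z3.array(
 z3.object({
 id: z3.string().uuid(),
 issueType: z3.string(),
-issueLanguage: z3.string()
-parsedSeverity: ParsedSeverityZ
+issueLanguage: z3.string()
 })
 )
 // scmSubmitFixRequests: ScmSubmitFixRequestsZ,
@@ -1024,11 +1022,11 @@ var ReportFixesQueryFixZ = z3.object({
 })
 ),
 numberOfVulnerabilityIssues: z3.number(),
+severityText: z3.nativeEnum(Vulnerability_Severity_Enum),
 vulnerabilityReportIssues: z3.array(
 z3.object({
 issueType: z3.string(),
-issueLanguage: z3.string()
-parsedSeverity: ParsedSeverityZ
+issueLanguage: z3.string()
 })
 ).min(1)
 });
@@ -1094,11 +1092,11 @@ var FixQueryZ = z3.object({
 })
 ),
 numberOfVulnerabilityIssues: z3.number(),
+severityText: z3.nativeEnum(Vulnerability_Severity_Enum),
 vulnerabilityReportIssues: z3.array(
 z3.object({
 vendorIssueId: z3.string(),
-issueLanguage: z3.string()
-parsedSeverity: ParsedSeverityZ
+issueLanguage: z3.string()
 })
 ),
 patchAndQuestions: PatchAndQuestionsZ,
@@ -1209,12 +1207,12 @@ var FixScreenQueryResultZ = z3.object({
 fixReport_by_pk: FixPageFixReportZ,
 fix_by_pk: FixQueryZ.merge(
 z3.object({
+severityText: z3.nativeEnum(Vulnerability_Severity_Enum),
 vulnerabilityReportIssues: z3.array(
 z3.object({
 vendorIssueId: z3.string(),
 issueType: z3.string(),
-issueLanguage: z3.string()
-parsedSeverity: ParsedSeverityZ
+issueLanguage: z3.string()
 })
 )
 })
@@ -3208,11 +3206,26 @@ var openRedirect2 = {
 }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/python/uncheckedLoopCondition.ts
+var uncheckedLoopCondition3 = {
+loopLimit: {
+content: () => "Please define a maximum loop limit",
+description: () => `Setting this number to a reasonable value will prevent the vulnerability`,
+guidance: () => ""
+},
+varName: {
+content: () => "Please define a variable name",
+description: () => `We need to define a variable to be used as a counter to limit the loop`,
+guidance: () => ""
+}
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/python/index.ts
 var vulnerabilities13 = {
 ["CSRF" /* Csrf */]: csrf2,
 ["LOG_FORGING" /* LogForging */]: logForging5,
-["
+["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect2,
+["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3
 };
 var python_default2 = vulnerabilities13;
 
@@ -6786,12 +6799,8 @@ function buildCommentBody({
 const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
 const validFixParseRes = z23.object({
 patchAndQuestions: PatchAndQuestionsZ,
-vulnerabilityReportIssues: z23.array(
-z23.object({
-parsedSeverity: ParsedSeverityZ
-})
-).min(1),
 safeIssueLanguage: z23.nativeEnum(IssueLanguage_Enum),
+severityText: z23.nativeEnum(Vulnerability_Severity_Enum),
 safeIssueType: z23.nativeEnum(IssueType_Enum)
 }).safeParse(fix);
 if (!validFixParseRes.success) {
@@ -6803,7 +6812,7 @@ function buildCommentBody({
 const subTitle = validFixParseRes.success ? getCommitDescription({
 issueType: validFixParseRes.data.safeIssueType,
 vendor: scannerToVulnerability_Report_Vendor_Enum[scanner],
-severity: validFixParseRes.data.
+severity: validFixParseRes.data.severityText,
 guidances: getGuidances({
 questions: validFixParseRes.data.patchAndQuestions.questions.map(toQuestion),
 issueType: validFixParseRes.data.safeIssueType,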
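Review bot: The new `severityText: z23.nativeEnum(Vulnerability_Severity_Enum)` field in the `safeParse` schema of `buildCommentBody` is required and accepts only `critical`, `high`, `low` and `medium`, so a fix whose `severityText` is null or holds any other value now fails validation and the `subTitle` ternary takes its fallback branch. The same strict field was added to the schemas that the hunk headers name as `ReportQueryResultZ`, `ReportFixesQueryFixZ`, `FixQueryZ` and the `FixScreenQueryResultZ` merge, where a failed parse would presumably reject the whole result rather than one field. Whether the API can return such a value is not visible here; if it can, either widen the field (for example `z23.nativeEnum(Vulnerability_Severity_Enum).nullable()`, with `getCommitDescription` handling a missing severity) or make sure the `if (!validFixParseRes.success)` branch, whose body lies outside the hunk, reports `validFixParseRes.error` so that a dropped description in a security-fix comment is noticed. `dist/index.mjs` looks like bundler output, so the change belongs in the sources it is built from.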